scaffold-gateables

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or data exfiltration attempts were found in the skill code or metadata.
  • [SAFE]: The skill implements a central security seam (isEntitled) that defaults to a locked state, ensuring premium features are inactive by default.
  • [SAFE]: Command execution is restricted to standard project build and development scripts (npm run build, npm run dev) and is consistent with the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests various project files that could contain instructions.
      1. Ingestion points: Reads package.json, Constants.js, EventBus.js, GameState.js, main.js, and progress.md.
      2. Boundary markers: None identified for delimiting code content from instructions.
      3. Capability inventory: Modifies JavaScript modules and executes shell commands (npm run build, npm run dev).
      4. Sanitization: No sanitization of ingested content is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 08:03 PM